Basics

What it is

Kubernetes orchestrates containers across a cluster of machines using a master-worker architecture and a RESTful API.

Key Components

  • Control Plane (Master Node)
      • etcd: A distributed key-value store that stores all cluster data.
      • kube-apiserver: The API server that serves the Kubernetes API.
      • kube-scheduler: Watches for newly created Pods and assigns them to nodes.
      • kube-controller-manager: Runs controller processes that regulate the state of the cluster.
      • [Optional] cloud-controller-manager: Manages cloud-specific control loops.
  • Data Plane (Worker Nodes)
      • kubelet: An agent that runs on each node and ensures containers are running in a Pod.
      • kube-proxy: Maintains network rules on nodes for Pod communication and handles network proxying for Services.
      • Container Runtime: Software that runs containers (e.g., Docker, containerd).

Low-level Interactions

  • Interfacing with the API:
      • Use kubectl or client libraries to interact with the Kubernetes API server.
      • Use HTTP directly by sending requests to the API server endpoints (e.g., GET /api/v1/namespaces).

Security

  • RBAC (Role-Based Access Control): Manages permissions within the cluster.
  • Network Policies: Controls traffic flow between Pods.
  • Secrets Management: Securely stores sensitive information like passwords and tokens.

Uncommon Commands

  • kubectl api-resources: Lists all API resources available in the cluster.
  • kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}': Displays the current cluster server URL.
  • kubectl get --raw /healthz: Checks the health of the Kubernetes API server.
  • kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.server}': Gets the server URL from the kubeconfig.
  • kubectl config view --raw --minify -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' | base64 -d > ca.crt: Writes the CA certificate from the kubeconfig to ca.crt.
  • kubectl config view --raw --minify -o jsonpath='{.users[0].user.client-certificate-data}' | base64 -d > client.crt: Writes the client certificate from the kubeconfig to client.crt.
  • kubectl config view --raw --minify -o jsonpath='{.users[0].user.client-key-data}' | base64 -d > client.key: Writes the client key from the kubeconfig to client.key.
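
The direct HTTP route and the kubeconfig extraction commands above, combined into one script as an added example that is not part of the original page: it writes the credentials into a private temporary directory (client.key is a private key), sends a GET to an API path with curl, and removes the files afterwards. The function and script names are illustrative, and it assumes a context whose kubeconfig embeds the certificate data.

```shell
#!/bin/sh
# Added example (not from the original page): GET an API path using the
# client certificate embedded in the current kubeconfig context.
set -eu

# Read one field of the current context; same jsonpath form as the commands above.
kubeconfig_field() {
  kubectl config view --raw --minify -o jsonpath="$1"
}

# Decode base64 from stdin into file $1, created owner-only (0600) because
# client.key is a credential. Returns non-zero if the decoded result is empty.
write_private() (
  umask 077
  base64 -d > "$1" && [ -s "$1" ]
)

# Join server URL $1 and API path $2 without doubling the slash.
api_url() {
  case "$2" in
    /*) printf '%s%s\n' "${1%/}" "$2" ;;
    *)  echo "API path must start with /: $2" >&2; return 1 ;;
  esac
}

# Runs in a subshell so the EXIT trap removes the key material on any exit path.
api_get() (
  dir=$(mktemp -d)                       # mktemp -d creates the directory 0700
  trap 'rm -rf "$dir"' EXIT
  server=$(kubeconfig_field '{.clusters[0].cluster.server}')
  url=$(api_url "$server" "$1")
  for pair in \
    "clusters[0].cluster.certificate-authority-data:ca.crt" \
    "users[0].user.client-certificate-data:client.crt" \
    "users[0].user.client-key-data:client.key"
  do
    kubeconfig_field "{.${pair%%:*}}" | write_private "$dir/${pair##*:}" || {
      # Empty when the context uses a token, exec plugin or file paths instead.
      echo "kubeconfig has no embedded ${pair##*:}" >&2; exit 1
    }
  done
  # --cacert makes curl verify the API server against the cluster CA.
  curl --silent --show-error --fail \
    --cacert "$dir/ca.crt" --cert "$dir/client.crt" --key "$dir/client.key" "$url"
)

# Usage: sh k8s-api-get.sh /api/v1/namespaces
if [ "$#" -gt 0 ]; then api_get "$1"; fi
```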